---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kafka-broker-certificate
  namespace: kafka
spec:
  secretName: kafka-tls
  duration: 9125h # 1y
  renewBefore: 360h # 15d
  subject:
    organizations:
    - arturs k8s
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS8
    size: 4096
    rotationPolicy: Always
  usages:
    - server auth
    - client auth
  dnsNames:
  - kafka
  - kafka.kafka.svc
  - kafka.kafka.svc.cluster.local
  - kafka-broker-0.kafka-broker-headless.kafka.svc.cluster.local
  - kafka-broker-1.kafka-broker-headless.kafka.svc.cluster.local
  - kafka-broker-2.kafka-broker-headless.kafka.svc.cluster.local
  issuerRef:
    name: kafka-issuer
    kind: Issuer
    group: cert-manager.io
